aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--main/ncurses/APKBUILD13
-rw-r--r--main/ncurses/CVE-2018-10754.patch17
2 files changed, 26 insertions, 4 deletions
diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD
index 32e05af7ee9..8ef132184c6 100644
--- a/main/ncurses/APKBUILD
+++ b/main/ncurses/APKBUILD
@@ -2,22 +2,26 @@
pkgname=ncurses
pkgver=6.0_p20171125
_ver=${pkgver%_p*}-${pkgver#*_p}
-pkgrel=0
+pkgrel=1
pkgdesc="Console display library"
url="https://www.gnu.org/software/ncurses/"
arch="all"
license=MIT
depends=
makedepends_build="ncurses"
-source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz"
+source="http://invisible-mirror.net/archives/ncurses/current/ncurses-$_ver.tgz
+ CVE-2018-10754.patch
+ "
subpackages="$pkgname-static $pkgname-dev $pkgname-doc
$pkgname-terminfo-base:base $pkgname-terminfo $pkgname-libs"
builddir="$srcdir"/ncurses-$_ver
# secfixes:
+# 6.0_p20171125-r1:
+# - CVE-2018-10754
# 6.0_p20171125-r0:
-# - CVE-2017-16879
+# - CVE-2017-16879
# 6.0_p20170701-r0:
# - CVE-2017-10684
@@ -100,4 +104,5 @@ static() {
mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
}
-sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz"
+sha512sums="b06336a4696d5d5195177c0226f34aefebff05035247d43e1b958fb2098efb0fc2bf5a3c9d402c7c5e8fec65d03f5f290a84ef624f4a2f9348499551c5f4f09b ncurses-6.0-20171125.tgz
+215c93fcb9ff1dd112454262b0b42bfc9c27b17cb46950899451f515a862e3db78e5bd021f1cd13bccb032d8a1f8ca17e07cfe9c940457d309a1c3895819138f CVE-2018-10754.patch"
diff --git a/main/ncurses/CVE-2018-10754.patch b/main/ncurses/CVE-2018-10754.patch
new file mode 100644
index 00000000000..377caa3b401
--- /dev/null
+++ b/main/ncurses/CVE-2018-10754.patch
@@ -0,0 +1,17 @@
+Index: ncurses/tinfo/parse_entry.c
+--- ncurses-6.1-20180407+/ncurses/tinfo/parse_entry.c 2017-08-26 19:49:50.000000000 +0000
++++ ncurses-6.1-20180414/ncurses/tinfo/parse_entry.c 2018-04-14 17:41:12.000000000 +0000
+@@ -543,9 +543,11 @@
+ * Otherwise, look for a base entry that will already
+ * have picked up defaults via translation.
+ */
+- for (i = 0; i < entryp->nuses; i++)
+- if (!strchr((char *) entryp->uses[i].name, '+'))
++ for (i = 0; i < entryp->nuses; i++) {
++ if (entryp->uses[i].name != 0
++ && !strchr(entryp->uses[i].name, '+'))
+ has_base_entry = TRUE;
++ }
+ }
+
+ postprocess_termcap(&entryp->tterm, has_base_entry);
generated by cgit v1.2.3 (git 2.41.0) at 2024-04-24 23:24:23 +0000